2013-09-03 06:00:17 +00:00
|
|
|
diff -up cracklib-2.9.0/lib/fascist.c.simplistic cracklib-2.9.0/lib/fascist.c
|
2013-10-31 16:03:44 +00:00
|
|
|
--- cracklib-2.9.0/lib/fascist.c.simplistic 2013-10-31 14:46:23.160959124 +0100
|
|
|
|
+++ cracklib-2.9.0/lib/fascist.c 2013-10-31 14:46:23.164959212 +0100
|
2013-09-03 06:00:17 +00:00
|
|
|
@@ -55,7 +55,6 @@ static char *r_destructors[] = {
|
|
|
|
|
|
|
|
"/?p@?p", /* purging out punctuation/symbols/junk */
|
|
|
|
"/?s@?s",
|
|
|
|
- "/?X@?X",
|
|
|
|
|
|
|
|
/* attempt reverse engineering of password strings */
|
|
|
|
|
|
|
|
@@ -454,6 +453,12 @@ GTry(rawtext, password)
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
|
|
|
|
+ if (len - strlen(mp) >= 3)
|
|
|
|
+ {
|
|
|
|
+ /* purged too much */
|
|
|
|
+ continue;
|
|
|
|
+ }
|
|
|
|
+
|
|
|
|
#ifdef DEBUG
|
|
|
|
printf("%-16s = %-16s (destruct %s)\n", mp, rawtext, r_destructors[i]);
|
|
|
|
#endif
|
|
|
|
@@ -480,6 +485,12 @@ GTry(rawtext, password)
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
|
|
|
|
+ if (len - strlen(mp) >= 3)
|
|
|
|
+ {
|
|
|
|
+ /* purged too much */
|
|
|
|
+ continue;
|
|
|
|
+ }
|
|
|
|
+
|
|
|
|
#ifdef DEBUG
|
|
|
|
printf("%-16s = %-16s (construct %s)\n", mp, password, r_constructors[i]);
|
|
|
|
#endif
|
|
|
|
@@ -699,6 +710,7 @@ FascistLookUser(PWDICT *pwp, char *instr
|
|
|
|
char rpassword[STRINGSIZE];
|
|
|
|
char area[STRINGSIZE];
|
|
|
|
uint32_t notfound;
|
|
|
|
+ int len;
|
|
|
|
|
|
|
|
notfound = PW_WORDS(pwp);
|
|
|
|
/* already truncated if from FascistCheck() */
|
|
|
|
@@ -748,6 +760,7 @@ FascistLookUser(PWDICT *pwp, char *instr
|
|
|
|
return _("it is all whitespace");
|
|
|
|
}
|
|
|
|
|
|
|
|
+ len = strlen(password);
|
|
|
|
i = 0;
|
|
|
|
ptr = password;
|
|
|
|
while (ptr[0] && ptr[1])
|
|
|
|
@@ -759,10 +772,9 @@ FascistLookUser(PWDICT *pwp, char *instr
|
|
|
|
ptr++;
|
|
|
|
}
|
|
|
|
|
|
|
|
- /* Change by Ben Karsin from ITS at University of Hawaii at Manoa. Static MAXSTEP
|
|
|
|
- would generate many false positives for long passwords. */
|
|
|
|
- maxrepeat = 3+(0.09*strlen(password));
|
|
|
|
- if (i > maxrepeat)
|
|
|
|
+ /* We were still generating false positives for long passwords.
|
|
|
|
+ Just count systematic double as a single character. */
|
|
|
|
+ if (len - i < MINLEN)
|
|
|
|
{
|
|
|
|
return _("it is too simplistic/systematic");
|
|
|
|
}
|
|
|
|
@@ -795,6 +807,12 @@ FascistLookUser(PWDICT *pwp, char *instr
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
|
|
|
|
+ if (len - strlen(a) >= 3)
|
|
|
|
+ {
|
|
|
|
+ /* purged too much */
|
|
|
|
+ continue;
|
|
|
|
+ }
|
|
|
|
+
|
|
|
|
#ifdef DEBUG
|
|
|
|
printf("%-16s (dict)\n", a);
|
|
|
|
#endif
|
|
|
|
@@ -815,6 +833,13 @@ FascistLookUser(PWDICT *pwp, char *instr
|
|
|
|
{
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
+
|
|
|
|
+ if (len - strlen(a) >= 3)
|
|
|
|
+ {
|
|
|
|
+ /* purged too much */
|
|
|
|
+ continue;
|
|
|
|
+ }
|
|
|
|
+
|
|
|
|
#ifdef DEBUG
|
|
|
|
printf("%-16s (reversed dict)\n", a);
|
|
|
|
#endif
|
2013-10-31 16:03:44 +00:00
|
|
|
diff -up cracklib-2.9.0/util/cracklib-format.simplistic cracklib-2.9.0/util/cracklib-format
|
|
|
|
--- cracklib-2.9.0/util/cracklib-format.simplistic 2013-06-01 16:47:13.000000000 +0200
|
|
|
|
+++ cracklib-2.9.0/util/cracklib-format 2013-10-31 15:24:01.976736045 +0100
|
|
|
|
@@ -3,8 +3,10 @@
|
|
|
|
# This preprocesses a set of word lists into a suitable form for input
|
|
|
|
# into cracklib-packer
|
|
|
|
#
|
|
|
|
+LC_ALL=C
|
|
|
|
+export LC_ALL
|
|
|
|
gzip -cdf "$@" |
|
|
|
|
grep -v '^\(#\|$\)' |
|
|
|
|
- tr '[A-Z]' '[a-z]' |
|
|
|
|
- tr -cd '\012[a-z][0-9]' |
|
|
|
|
+ tr '[:upper:]' '[:lower:]' |
|
|
|
|
+ tr -cd '\n[:graph:]' |
|
|
|
|
sort -u
|